On Tue, Nov 4, 2014 at 5:43 PM, Joseph Bonneau <[email protected]> wrote: > First version launched today: https://www.eff.org/secure-messaging-scorecard > > This was a collaboration between tech advisers (primarily Peter Eckersley > and myself) and a good team of people with experience in journalism and > activism and there were necessarily some compromises made. The primary goals > here were: > > (a) simplicity for users (and journalists) to draw some conclusions about > what's out there right now and we had to make a lot of compromises to keep > things simple for end-users to understand. > > (b) reasonable carrots for some of the traditional messaging apps to add > security features, get audits, and publish source code. In order to get an "audit" checkmark one has to cause an audit to be done and nothing more (one can keep the results secret and ignore them). If someone tried to maximize their app's rating in the scorecard with minimum effort, that's a (from their point of view) reasonable thing to do, but it doesn't improve security at all. I do not see a way of preventing such gaming while keeping the feature and not requiring the audit results to be at least somewhat publicly disclosed.
> Hopefully we will be launching a more detailed version next year with many > more evaluation criteria but would be curious to hear feedback on this > version from other folks working in this space. > > Cheers, > > Joe Cheers, Robert _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
